It’s Time to Rein In IRS and SEC Snooping

With each passing generation of technology, the online world and real world are becoming seamlessly integrated. Today’s Internet and smartphones connect consumers and machines, and the world wide web has more than 2.4 billion users. So it’s not surprising that a data breach like Heartbleed is setting off alarm bells. Millions of consumers are at risk of having sensitive data exposed to hackers, criminals and perhaps even the NSA. While businesses have rushed to implement fixes to this latest breach, there’s still one privacy breach that remains impermeable: federal snooping on private citizens.

In the real world, the Fourth Amendment guarantees that "the right of the people to be secure in their persons, papers, and effects against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause…." This requires law enforcement officials to obtain a warrant from a judge prior to entering a home and seizing anything. More broadly, if an individual has a reasonable expectation of privacy, a warrant is required to conduct a search. Since the amendment was adopted in 1792, the courts have hammered out the specific applications of the law as times changed. While the case history addresses a number of issues, the application of the Fourth Amendment to the digital world remains ambiguous, and in some instances, archaic. While consumers have made the shift to the online world, the government remains mired in the past.

The Supreme Court appears set to address some of the issues this spring. A pair of cases-Riley v. California and United States v. Wurie-will address the admissibility of information obtained from cell phones. Oral arguments are scheduled for April 29, providing the Supreme Court an opportunity to clarify the role of
Fourth Amendment protection in today’s wired world. Meanwhile, the Obama administration has been silent on the issue, despite a petition with 100,000 signatures asking the administration to end warrantless searches of email.

Congress is working to address the issue through reform of the outdated Electronic Communications Privacy Act (ECPA), which was an early attempt to update wiretapping rules and define what digital information required a warrant prior to search. Unfortunately, ECPA was passed in 1986, long before the cloud and big data came into being, and its mandates and protections refer to a world that no longer exists. For example, ECPA relies on a notorious "180 day rule": any email older than 180 days may be accessed without a warrant. At the time ECPA passed, data storage was expensive and lawmakers did not expect data to be kept online for significant periods of time. Moore’s Law and falling costs of storage led to developments that were inconceivable by Congress in 1986.

To address these incongruities, ECPA reform bills have been introduced in both the Senate and the House. Sens. Patrick Leahy (D-Vt.) and Mike Lee (R-Utah) introduced the Electronic Communications Privacy Act Amendment, which has been adopted by the Senate Judiciary Committee. On the House side, Reps. Kevin Yoder (R-Kan.), Tom Graves (R-Ga.) and Jared Polis (D-Colo.) have introduced the Email Privacy Act that would implement protections similar to those in the Senate bill, including the elimination of the 180-day rule. While the House bill already has 200 sponsors, it appears that an entrenched bureaucracy is attempting to derail any efforts to modernize an obviously anachronistic law. In particular, the Securities and Exchange Commission (SEC), cheered on by other regulatory agencies, has raised objections to the reform bills. Yet the SEC’s opposition provides an ideal example of why reform is so important. In recent testimony, SEC Chair Mary Jo White stated that the agency relies exclusively on the power of a subpoena, which is the authority to compel individuals to provide information. Individuals may have a chance to question or challenge the subpoena, but there are no requirements to obtain a warrant. The agency has the discretion to determine what information it collects.

While the SEC has been most forthright in its acknowledged disdain for warrants, other agencies also challenge the need for reform. The IRS, for one, has stated that emails have no expectation of privacy and therefore require no warrant for federal snooping. Like other agencies, the IRS relies on loopholes in the outdated ECPA legislation. Contrary to the IRS, the United States Court of Appeals for the Sixth Circuit thought otherwise and stated that there is an expectation of privacy associated with email. With agencies intervening to stifle a legislative solution, ECPA reform remains in limbo. Perhaps the Supreme Court will address these concerns in its upcoming cases.

Either way, it must be remembered that the Fourth Amendment was adopted for a reason: to protect citizens from an overzealous government. Times change, but protections should not. The Fourth Amendment should not be dismantled by federal bureaucrats bent on unhindered snooping in the digital world.